
A quick fix when Sophos endpoint blocks LAN and WAN connections due to service failure

Hello All,

What is a quick fix when Sophos Endpoint service fails to start and the endpoint is blocked on LAN and WAN due to security heartbeat? This happens on random PCs especially when the software is updated.

How to start the service.

I had to uninstall the Sophos endpoint so that the PC can regain the connectivity. Is there a way where I can add an exception on a server running Sophos to allow the connection to the PC for DNS queries etc?

Any advice will be appreciated.



  • Hi There,

    Thank you for reaching out to us. Security Heartbeat is one of our security features that will hinder any connections from the endpoint to the network when it detects any anomalies/issues on the system. Once activated, it’ll monitor the status of the endpoint and will automatically isolate any device on your network which has a bad status. To solve this, you need to fix the issue on the problematic device to re-establish the connection. The question here does not lie in how to perform an exclusion, as this may defeat the purpose of activating Heartbeat in your environment, but in what causes the endpoint to go into a bad status. You can add an exclusion, however, with limited connectivity, just for the sake of troubleshooting the device in question. This has been described in this documentation and in this article as well, in the section "Configuring isolation exclusions."

    To further check the issue, can you share with us which version of the endpoint was installed on the device in question? What update causes this issue? What component of Sophos endpoint isn’t working when you encounter the issue?

    Glenn ArchieSeñas (GlennSen)
    Global Community Support Engineer

  • Hello Glenn,

    I will go through the links as advised. The "Sophos File Scanner" service was not running and hence the endpoint was flagged as at risk. I am aware of the Heartbeat security feature; in my case, the above service was failing to start after the computer reboots.

    I tried to update the endpoint via Central, but that was failing as well. Since I uninstalled the Sophos endpoint, I am unable to provide the version it was running.

    Thanks

  • You should be able to start a stopped service to put it back into health? Even with Tamper enabled, starting a service should be OK. Would it start, or was it actually broken? Did it just time out at boot? The Windows Event log could probably confirm this.

  • I thought the same about restarting the service. However, I am unable to in any mode (admin, local user, or via the system account) because the options are grayed out, and via command I get access denied.

  • I can understand not being able to restart the service, as that would be a stop and a start, but you should be able to just start a stopped service even when tamper protected.
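
The checks raised in this thread (is the service stopped, did it fail or time out at boot, does a plain start succeed), as an added PowerShell example that is not part of the original posts and is not Sophos tooling. It assumes an elevated session on the affected endpoint and that the display-name pattern matches the "Sophos File Scanner" service named above.

```powershell
# Added example: run in an elevated PowerShell session on the affected endpoint.
# Assumption: this display-name pattern matches the "Sophos File Scanner"
# service named in the thread; adjust it if the installed name differs.
$pattern = 'Sophos File Scanner*'

# 1. Current state and start mode of the service.
$svc = Get-Service -DisplayName $pattern -ErrorAction SilentlyContinue
if (-not $svc) {
    Write-Warning "No service matching '$pattern' is installed."
    return
}
$svc | Select-Object Name, DisplayName, Status, StartType | Format-Table -AutoSize

# 2. Service Control Manager events since the last boot.
#    7000 = failed to start, 7009/7011 = timeout, 7023 = terminated with error,
#    7031/7034 = terminated unexpectedly.
$boot = (Get-CimInstance Win32_OperatingSystem).LastBootUpTime
$events = Get-WinEvent -FilterHashtable @{
    LogName      = 'System'
    ProviderName = 'Service Control Manager'
    Id           = 7000, 7009, 7011, 7023, 7031, 7034
    StartTime    = $boot
} -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -like "*$($svc[0].DisplayName)*" }

if ($events) {
    $events | Sort-Object TimeCreated | Format-List TimeCreated, Id, Message
} else {
    Write-Output "No SCM failure or timeout events for this service since $boot."
}

# 3. Attempt a plain start (not a restart) of anything still stopped and
#    record the exact error, e.g. an access-denied message.
foreach ($s in $svc | Where-Object Status -eq 'Stopped') {
    try {
        Start-Service -InputObject $s -ErrorAction Stop
        Write-Output "$($s.DisplayName): started."
    } catch {
        Write-Output "$($s.DisplayName): start failed: $($_.Exception.Message)"
    }
}
```

The event output distinguishes a boot-time timeout from a service that is actually broken, and the error text from step 3 is worth including in a support case.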
